C++: Fix 'BSTRToArray' stub and MaD model.

Author: MathiasVP

cpp/ql/lib/ext/CComBSTR.model.yml

@@ -20,7 +20,7 @@ extensions:
       - ["", "CComBSTR", True, "ArrayToBSTR", "", "", "Argument[*0].Field[*pvData]", "Argument[-1]", "value", "manual"]
       - ["", "CComBSTR", True, "AssignBSTR", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
       - ["", "CComBSTR", True, "Attach", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
-      - ["", "CComBSTR", True, "BSTRToArray", "", "", "Argument[-1]", "Argument[*0].Field[*pvData]", "value", "manual"]
+      - ["", "CComBSTR", True, "BSTRToArray", "", "", "Argument[-1]", "Argument[**0].Field[*pvData]", "value", "manual"]
       - ["", "CComBSTR", True, "Copy", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"]
       - ["", "CComBSTR", True, "CopyTo", "", "", "Argument[-1]", "Argument[*0]", "value", "manual"]
       - ["", "CComBSTR", True, "LoadString", "(HINSTANCE,UINT)", "", "Argument[1]", "Argument[-1]", "taint", "manual"]

cpp/ql/test/library-tests/dataflow/external-models/flow.expected

@@ -11,14 +11,14 @@ edges
 | asio_streams.cpp:100:44:100:62 | call to buffer | asio_streams.cpp:103:29:103:39 | *send_buffer | provenance | Sink:MaD:6 |
 | asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | provenance |  |
 | asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:100:44:100:62 | call to buffer | provenance | MaD:10 |
-| test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | test.cpp:4:5:4:11 | [summary] to write: ReturnValue in ymlStep | provenance | MaD:801 |
-| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:7:10:7:18 | call to ymlSource | provenance | Src:MaD:799  |
-| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:11:10:11:10 | x | provenance | Sink:MaD:800 |
+| test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | test.cpp:4:5:4:11 | [summary] to write: ReturnValue in ymlStep | provenance | MaD:800 |
+| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:7:10:7:18 | call to ymlSource | provenance | Src:MaD:798  |
+| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:11:10:11:10 | x | provenance | Sink:MaD:799 |
 | test.cpp:7:10:7:18 | call to ymlSource | test.cpp:13:18:13:18 | x | provenance |  |
 | test.cpp:13:10:13:16 | call to ymlStep | test.cpp:13:10:13:16 | call to ymlStep | provenance |  |
-| test.cpp:13:10:13:16 | call to ymlStep | test.cpp:15:10:15:10 | y | provenance | Sink:MaD:800 |
+| test.cpp:13:10:13:16 | call to ymlStep | test.cpp:15:10:15:10 | y | provenance | Sink:MaD:799 |
 | test.cpp:13:18:13:18 | x | test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | provenance |  |
-| test.cpp:13:18:13:18 | x | test.cpp:13:10:13:16 | call to ymlStep | provenance | MaD:801 |
+| test.cpp:13:18:13:18 | x | test.cpp:13:10:13:16 | call to ymlStep | provenance | MaD:800 |
 nodes
 | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | semmle.label | [summary param] *0 in buffer |
 | asio_streams.cpp:56:18:56:23 | [summary] to write: ReturnValue in buffer | semmle.label | [summary] to write: ReturnValue in buffer |

cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp

@@ -426,7 +426,7 @@ struct CComBSTR {
   HRESULT ArrayToBSTR(const SAFEARRAY* pSrc) throw();
   HRESULT AssignBSTR(const BSTR bstrSrc) throw();
   void Attach(BSTR src) throw();
-  HRESULT BSTRToArray(LPSAFEARRAY ppArray) throw();
+  HRESULT BSTRToArray(LPSAFEARRAY* ppArray) throw();
   unsigned int ByteLength() const throw();
   BSTR Copy() const throw();
   HRESULT CopyTo(BSTR* pbstr) throw();
@@ -504,10 +504,10 @@ void test_CComBSTR() {
     sink(b8.m_str); // $ ir
 
     CComBSTR b9;
-    SAFEARRAY safe;
+    LPSAFEARRAY safe;
     b9.Append(source<char>());
     b9.BSTRToArray(&safe);
-    sink(safe.pvData); // $ ir
+    sink(safe->pvData); // $ ir
 
     sink(b9.Copy()); // $ ir
   }

cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected

@@ -606,8 +606,8 @@ WARNING: module 'TaintTracking' has been deprecated and may be removed in future
 | atl.cpp:506:14:506:15 | call to CComBSTR | atl.cpp:509:5:509:6 | b9 |  |
 | atl.cpp:506:14:506:15 | call to CComBSTR | atl.cpp:512:10:512:11 | b9 |  |
 | atl.cpp:506:14:506:15 | call to CComBSTR | atl.cpp:513:3:513:3 | b9 |  |
-| atl.cpp:507:15:507:18 | safe | atl.cpp:509:21:509:24 | safe |  |
-| atl.cpp:507:15:507:18 | safe | atl.cpp:510:10:510:13 | safe |  |
+| atl.cpp:507:17:507:20 | safe | atl.cpp:509:21:509:24 | safe |  |
+| atl.cpp:507:17:507:20 | safe | atl.cpp:510:10:510:13 | safe |  |
 | atl.cpp:508:5:508:6 | ref arg b9 | atl.cpp:509:5:509:6 | b9 |  |
 | atl.cpp:508:5:508:6 | ref arg b9 | atl.cpp:512:10:512:11 | b9 |  |
 | atl.cpp:508:5:508:6 | ref arg b9 | atl.cpp:513:3:513:3 | b9 |  |

cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected

@@ -613,7 +613,7 @@ getParameterTypeName
 | atl.cpp:426:11:426:21 | ArrayToBSTR | 0 | const SAFEARRAY * |
 | atl.cpp:427:11:427:20 | AssignBSTR | 0 | const BSTR |
 | atl.cpp:428:8:428:13 | Attach | 0 | BSTR |
-| atl.cpp:429:11:429:21 | BSTRToArray | 0 | LPSAFEARRAY |
+| atl.cpp:429:11:429:21 | BSTRToArray | 0 | LPSAFEARRAY * |
 | atl.cpp:432:11:432:16 | CopyTo | 0 | BSTR * |
 | atl.cpp:434:11:434:16 | CopyTo | 0 | VARIANT * |
 | atl.cpp:438:8:438:17 | LoadString | 0 | HINSTANCE |